OAuth Client Credentials Implementation

Hi

I have a resource in my integration, and the requirement is to use OAuth 2.0 for accessing the resource. The resource would be accessed by another application (not an end user); IS acts as both resource server and authorization server. We are considering using the client credentials grant for the same.

But from the IS Admin guide, I can find that only the auth code grant and implicit grant are supported. Has someone used the Client Credentials OAuth grant and secured REST endpoints?

Thanks in advance,
Vallimeenal.M

Hi Valli,

We have implemented the Client Credentials Grant, and it's in place from IS 10.1.

Thanks,
Deepan.

Thanks Deepan. I was looking to implement it for accessing a REST v2 service and got to know that the feature is not available on RESTv2 services. I was also able to do it on other services.

Thanks
Vallimeenal.M

Hi Valli,

I believe RESTv2 support for OAuth was added in the 10.5 release.

Regards,
Michael

Hi Deepan,

Could you please guide me on the step-by-step process of OAuth 2.0 implementation in Integration Server? I created the redirect URI and tried to get the access code in a browser, but I am getting errors… service not available… Could you please help me with this?

Hi Nagaraju,

The client credentials grant is the simplest of the OAuth grants. The client has its own credentials and calls the token endpoint directly. There is no redirection involved. You can see the description in the OAuth 2.0 specification. When Integration Server is your OAuth authorization server, the client can simply call pub.oauth:getToken as described in the spec:

4.4.2. Access Token Request

The client makes a request to the token endpoint by adding the
following parameters using the “application/x-www-form-urlencoded”
format per Appendix B with a character encoding of UTF-8 in the HTTP
request entity-body:

grant_type
REQUIRED. Value MUST be set to “client_credentials”.

scope
OPTIONAL. The scope of the access request as described by
Section 3.3.

The client MUST authenticate with the authorization server as
described in Section 3.2.1.

So… just one request with one or two parameters.

Regards,
Michael
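
The request described in the reply above, as an added example that is not part of the original thread or of Integration Server's own code. It builds the section 4.4.2 token request without sending it; the host name, the `/invoke/pub.oauth/getToken` URL form, the use of HTTP Basic for client authentication, and the sample client id, secret and scope are all assumptions.

```python
import base64
import urllib.parse
import urllib.request

# Assumed URL: placeholder host; pub.oauth:getToken reached via /invoke/.
TOKEN_URL = "https://is.example.com/invoke/pub.oauth/getToken"


def build_token_request(token_url, client_id, client_secret, scope=None):
    """Build, without sending, an RFC 6749 section 4.4.2 token request."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        # The client secret travels in this request, so refuse cleartext HTTP.
        raise ValueError("token endpoint must use https")
    if not client_id or not client_secret:
        raise ValueError("client_id and client_secret are required")

    form = {"grant_type": "client_credentials"}  # REQUIRED
    if scope:
        form["scope"] = " ".join(scope)  # OPTIONAL, space-delimited list
    body = urllib.parse.urlencode(form).encode("utf-8")

    # Client authentication (assumed here: HTTP Basic, RFC 6749 section 2.3.1).
    # The id and secret are form-encoded first, then joined and base64-encoded.
    pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")

    return urllib.request.Request(
        token_url,
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def loggable(req):
    """Describe the request for logs with the credential header redacted."""
    return {"method": req.get_method(), "url": req.full_url,
            "body": req.data.decode("utf-8"), "authorization": "Basic <redacted>"}


if __name__ == "__main__":
    # Constructed sample client id, secret and scope.
    req = build_token_request(TOKEN_URL, "partner-app", "s3cr3t:/+value", ["orders.read"])
    print(loggable(req))
    # To send it: urllib.request.urlopen(req, timeout=10), then parse the JSON body.
```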
